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DETAILED ACTION 

1. Claims 1-24 are pending in this office action. 

Information Disclosure Statement 

2. The information disclosure statement (IDS) submitted on February 19, 2004, is in 
compliance with the provisions of 37 CFR 1 .97. Accordingly, the information disclosure 
statement is being considered by the examiner. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1-24 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bovdstun et al. (U.S. Patent No. 6,839,708) in view of Pallante (U.S. Patent Pub. No. 
2003/0028495). 

Regarding claims 1,9. 10. and 18 . Bovdstun et al. teaches a programmable 
apparatus/web service architecture/computer readable memory/method for 
authenticating and authorizing a service request sent from a service client to a service 
provider, comprising: 
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• A processor (fig. 1 , ref. num 32); 

• A memory (fig. 1, ref. num 48); 

• An authorization database in the memory (fig. 2, ref. num 40); 

• A service request filter program in the memory directing the processor to receive 
an incoming service request from the service client on a communication channel 
(col. 7, lines 55-60); 

• Extract a service client identifier from the digital certificate associated with the 
service request (col. 8, lines 17-36); 

• Store the service client identifier in the memory (col. 8, lines 17-36, the identifier 
is stored in memory for later comparison); and 

• Send the service request on the communication channel to a web service 
manager (col. 9, lines 1-6); 

• A service client authentication program in the memory directing the processor to 
responsive to receiving an authentication request from a web service manager, 
match the service client identifier with a service client record in the authorization 
database having the same service client identifier (col. 8, line 60 through col. 9, 
line 12); and 

• Responsive to matching the service client identifier with a record in the 
authorization database, call a service authorization program in the memory (col. 
9, lines 9); 

• Wherein the service authorization program directs the processor to determine if 
the service client identifier associated with the service request is authorized to 
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access the service provider; and responsive to determining that the service 
request is authorized, authorize the service provider to process the request (col. 
9, lines 9-28). 

Bovdstun et al. does not teach the service request having a digital certificate 
attached. 

Pallante teaches the service request having a digital certificate attached 
(paragraph 0065). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine attaching a digital certificate to a service request, as 
taught by Pallante . with the programmable apparatus/web service architecture/computer 
readable memory/method of Bovdstun et al. It would have been obvious for such 
modifications because a digital certificate provides assurance that the person 
requesting service is indeed who they say they are. 

Regarding claims 2. 11, and 19 . Bovdstun et al. as modified by Pallante teaches 
wherein the service request filter program further directs the processor to authenticate 
the digital certificate with the issuing certification authority (see paragraph 0075 of 
Pallante). 
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Regarding claims 3. 12. and 20 . Bovdstun et al. as modified by Pallante teaches 
wherein the digital certificate is an X.509 digital certificate (see paragraph 0099 of 
Pallante). 

Regarding claims 4, 13. and 21 . Bovdstun et al. as modified by Pallante teaches 
wherein the service client identifier is a Distinguished Name (see paragraph 0099 of 
Pallante). 

Regarding claims 5. 14. and 22 . Bovdstun et al. as modified by Pallante teaches 
wherein the digital certificate is self-signed (see paragraph 0062 of Pallante). 

Regarding claims 6. 15. and 23 , Bovdstun et al. as modified by Pallante teaches 
further comprising an authorization log (see col. 9, line 64 through col. 10, line 6 of 
Boydstun et al.). 

Regarding claims 7. 16. and 24 . Bovdstun et al. as modified by Pallante teaches 
wherein the service client authentication program further records the service client 
identifier in the authorization log (see col. 10, lines 6-17 of Boydstun et al.). 

Regarding claims 8 and 17 . Bovdstun et al. as modified by Pallante teaches 
wherein the service authorization program further records the service client identifier 
and service request in the authorization log (see col. 10, lines 6-17 of Boydstun et al.).- 
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Any inquiry concerning tliis communication or earlier communications from the 
examiner should be directed to Brandon S. Hoffman whose telephone number is 571- 
272-3863. The examiner can normally be reached on M-F 8:30 - 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser G. Moazzami can be reached on 571-272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 



Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



273-8300. 



/Brandon Hoffman/ 
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